With the rising tide of trouble for organizations trying to protect their infrastructures, training companies, consulting services businesses, technology vendors and higher institutions have all jumped on the training-cum-certification bandwagon. Given that there are currently 16 designated critical infrastructure sectors in the U.S., many of the IT Security professionals with whom I have spoken, have suggested that their respective sector’s needs varies just enough to require further focus on issues relating to those sectors. For example, a cyber security professional with a strong background in HIPAA might be somewhat out of place in the Energy or Utilities sectors of business, in which key security issues are found in understanding NERC (although many of the NERC compliance rules are common across most Critical Infrastructures). Aside from the CISSP Uber-cert, and the rising need for CISM / CISA and the heavy-duty SANS GSE / GIAC certification, the following table provides suggested links to industry-leading certifications by sector…
Critical infrastructure sector: Chemical
Relevant IT security certification: "The Chemical Sector is an integral component of the U.S. economy that manufactures, stores, uses, and transports potentially dangerous chemicals upon which a wide range of other critical infrastructure sectors rely. Securing these chemicals against growing and evolving threats requires vigilance from both the private and public sector."—DHS
- Disaster Recovery Institute (Various Certs)
- Computer Security Incident Handler (CSIH)
- Other DHS Chemical Sector Training
- GICSP
Critical infrastructure sector: Commercial Facilities
Relevant IT security certification: "The Commercial Facilities Sector includes a diverse range of sites that draw large crowds of people for shopping, business, entertainment, or lodging. Facilities within the sector operate on the principle of open public access, meaning that the general public can move freely without the deterrent of highly visible security barriers.”—DHS
Critical infrastructure sector: Communications
Relevant IT security certification: "The Communications Sector is an integral component of the U.S. economy, underlying the operations of all businesses, public safety organizations, and government. Presidential Policy Directive 21 identifies the Communications Sector as critical because it provides an “enabling function” across all critical infrastructure sectors.”—DHS
Critical infrastructure sector: Critical Manufacturing
Relevant IT security certification: "The Critical Manufacturing Sector is crucial to the economic prosperity and continuity of the United States. A direct attack on or disruption of certain elements of the manufacturing industry could disrupt essential functions at the national level and across multiple critical infrastructure sectors.”—DHS
Critical infrastructure sector: Dams
Relevant IT security certification: "The Dams Sector delivers critical water retention and control services in the United States, including hydroelectric power generation, municipal and industrial water supplies, agricultural irrigation, sediment and flood control, river navigation for inland bulk shipping, industrial waste management, and recreation. Its key services support multiple critical infrastructure sectors and industries.”—DHS
Critical infrastructure sector: Defense Industrial Base
Relevant IT security certification: "The Defense Industrial Base Sector is the worldwide industrial complex that enables research and development, as well as design, production, delivery, and maintenance of military weapons systems, subsystems, and components or parts, to meet U.S. military requirements. Defense Industrial Base companies include domestic and foreign entities, with production assets located in many countries.”—DHS
Critical infrastructure sector: Emergency Services
Relevant IT security certification: "The Emergency Services Sector (ESS) is a community of millions of highly-skilled, trained personnel, along with the physical and cyber resources, that provide a wide range of prevention, preparedness, response, and recovery services during both day-to-day operations and incident response.”—DHS
- FEMA EMI Courses
- ISO 22320 Homeland Security (Specific to Emergency Services)
- CHSM
- CEMS
- Others
Critical infrastructure sector: Energy
Relevant IT security certification: "The U.S. energy infrastructure fuels the economy of the 21st century. More than 80 percent of the country's energy infrastructure is owned by the private sector, supplying fuels to the transportation industry, electricity to households and businesses, and other sources of energy that are integral to growth and production across the nation.”—DHS
Homeland Security (Specific to Energy Sector)
Critical infrastructure sector: Financial Services
Relevant IT security certification: "The Financial Services Sector represents a vital component of our nation's critical infrastructure. Large-scale power outages, recent natural disasters, and an increase in the number and sophistication of cyberattacks demonstrate the wide range of potential risks facing the sector.”—DHS
Critical infrastructure sector: Food & Agriculture
Relevant IT security certification: "The Food & Agriculture Sector is almost entirely under private ownership and is composed of an estimated 2.1 million farms, 935,000 restaurants, and more than 200,000 registered food manufacturing, processing, and storage facilities, and accounts for roughly one-fifth of the nation's economic activity.”—DHS
Critical infrastructure sector: Government Facilities
Relevant IT security certification: "The Government Facilities Sector includes a wide variety of buildings, located in the United States and overseas, that are owned or leased by federal, state, local, and tribal governments. These facilities include general-use office buildings and special-use military installations, embassies, courthouses, national laboratories, and structures that may house critical equipment, systems, networks, and functions.”—DHS
Critical infrastructure sector: Healthcare & Public Health
Relevant IT security certification: "The Healthcare and Public Health Sector protects all sectors of the economy from hazards such as terrorism, infectious disease outbreaks, and natural disasters. Because the majority of the sector's assets are privately owned and operated, collaboration and information sharing between the public and private sectors is essential to increasing resilience of the nation's Healthcare and Public Health critical infrastructure.”—DHS
Critical infrastructure sector: Information Technology
Relevant IT security certification: "Information Technology is central to the nation's security, economy, and public health and safety as businesses, governments, academia, and private citizens are increasingly dependent upon Information Technology Sector functions. These virtual and distributed functions produce and provide hardware, software, and information technology systems and services, and—in collaboration with the Communications Sector—the Internet.”—DHS
Critical infrastructure sector: Nuclear Reactors, Materials, Waste
Relevant IT security certification: "The Nuclear Reactors, Materials, and Waste Sector covers most aspects of America’s civilian nuclear infrastructure. The Nuclear Sector-Specific Agency within the Department of Homeland Security is responsible for coordinating the security and resilience of the Nuclear Sector.”--DHS
Homeland Security (Specific to Nuclear Materials Sector)
Critical infrastructure sector: Transportation Systems
Relevant IT security certification: "Homeland Security and the Department of Transportation are designated as the Co-Sector-Specific Agencies for the Transportation Systems Sector. The nation's transportation system quickly, safely, and securely moves people and goods through the country and overseas.”—DHS
Critical infrastructure sector: Water & Wastewater Systems
Relevant IT security certification: "Safe drinking water is a prerequisite for protecting public health and all human activity. Properly treated wastewater is vital for preventing disease and protecting the environment. Thus, ensuring the supply of drinking water and wastewater treatment and service is essential to modern life and the Nation’s economy.”—DHS
